Asbjørn Ulsberg wrote:
On Wed, 29 Aug 2007 09:03:05 +0200, Boris Zbarsky <[EMAIL PROTECTED]> wrote:P.S. If we do want to specify what an "origin" is we should perhaps also think about URI schemes that do not have a host and port.Can't we just reference RFC-3986, section 6.2.2 and 6.2.3?
I don't see those saying anything about same-origin. What am I missing?I do think that same-origin checks must be done on fully normalized URIs, of course. Anything else doesn't make sense, really.
-Boris
